February 20, 2011

Follow me:

HowTo: Hack a wi-fi network

Doesn’t it suck when you see your laptop’s catching so many wi-fi signals but none of them is accessible.. don’t you feel like “I wish I could some how break the password and dive into the deep oceans of the information” I beleive everyone should be able to have free internet. If someday I make it big enough and I’ll be having ample money.. I promise I’ll provide free wifi hotspots all over the places.. “Let there beINTERNET”.. even If I don’t get rich.. I’ll become a politician and would make Internet a Fundemental right to every citizen.. Now that would be something..

That’s enough with the Castles in the air.. now lets get back to reality..

What I can do for you right now is that I can tell you how to hack a wifi network to access Internet.. Some would call it stealing.. some like me won’t..

I’ll call it Sharing.. Sharing is what on which the whole Internet is build upon…

So.. Here’s how we do it..

1) First we need to scan for available wireless networks.

Theres this great tool for windows to do this.. called “NetStumbler” or Kismet for Windows and Linux and KisMac for Mac

Below is a screenshot of NetStumbler.. It will show you a list of all the wireless access points in your range.

WEP have many flaws that allows a hacker to crack a WEP key easily.. whereas

WAP is currently the most secure and best option to secure a wi-fi network..

It can’t be easily cracked as WEP because the only way to retreive a WAP key is to use a brute-force attack or dictionary atack.

Here I’ll tell you how to Crack WEP

To crack WEP we will be using Live Linux distribution called BackTrack to crack WEP.

BackTrack have lots of preinstalled softwares for this very purpose..

The tools we will be using on Backtrack are:

Kismet – a wireless network detector

airodump – captures packets from a wireless router

aireplay – forges ARP requests

aircrack – decrypts the WEP keys

1. First of all we have to find a wireless access point along with its bssid, essid and channel number. To do this we will run kismet by opening up the terminal and typing in kismet. It may ask you for the appropriate adapter which in my case is ath0. You can see your device’s name by typing in the command iwconfig.

2. To be able to do some of the later things, your wireless adapter must be put into monitor mode. Kismet automatically does this and as long as you keep it open, your wireless adapter will stay in monitor mode.

3. In kismet you will see the flags Y/N/0. Each one stands for a different type of encryption. In our case we will be looking for access points with the WEP encryption. Y=WEP N=OPEN 0=OTHER(usually WAP).

4. Once you find an access point, open a text document and paste in the networks broadcast name (essid), its mac address (bssid) and its channel number. To get the above information, use the arrow keys to select an access point and hit <ENTER> to get more information about it.

5. The next step is to start collecting data from the access point with airodump. Open up a new terminal and start airodump by typing in the command:

airodump-ng -c [channel#] -w [filename] –bssid [bssid] [device]

In the above command airodump-ng starts the program, the channel of your access point goes after -c , the file you wish to output the data goes after -w , and the MAC address of the access point goes after –bssid. The command ends with the device name. Make sure to leave out the brackets.

6. Leave the above running and open another terminal. Next we will generate some fake packets to the target access point so that the speed of the data output will increase. Put in the following command:

In the above command we are using the airplay-ng program. The -1 tells the program the specific attack we wish to use which in this case is fake authentication with the access point. The 0 cites the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapters MAC address, -e is the name (essid) of the target access point, and the command ends with the your wireless adapters device name.

7. Now, we will force the target access point to send out a huge amount of packets that we will be able to take advantage of by using them to attempt to crack the WEP key. Once the following command is executed, check your airodump-ng terminal and you should see the ARP packet count to start to increase. The command is:

aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:5:66 [device]

In this command, the -3 tells the program the specific type of attack which in this case is packet injection, -b is the MAC address of the target access point, -h is your wireless adapters MAC address, and the wireless adapter device name goes at the end.

8. Once you have collected around 50k-500k packets, you may begin the attempt to break the WEP key. The command to begin the cracking process is:

aircrack-ng -a 1 -b [bssid] -n 128 [filename].ivs

In this command the-a 1 forces the program into the WEP attack mode, the -b is the targets MAC address, and the -n 128 tells the program the WEP key length. If you don’t know the -n , then leave it out. This should crack the WEP key within seconds. The more packets you capture, the bigger chance you have of cracking the WEP key.

Warning: Missing argument 1 for BaseDD::BaseDD(), called in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-manual.php on line 123 and defined in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-class.php on line 97

Warning: Missing argument 2 for BaseDD::BaseDD(), called in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-manual.php on line 123 and defined in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-class.php on line 97

Warning: Missing argument 3 for BaseDD::BaseDD(), called in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-manual.php on line 123 and defined in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-class.php on line 97

Warning: Missing argument 4 for BaseDD::BaseDD(), called in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-manual.php on line 123 and defined in /home4/snehil/public_html/addon-domains/snehilkhanor.com/sub-domains/blog/wp-content/plugins/digg-digg/include/dd-class.php on line 97

i’ve installed backtrack 3 in a vmware machine also i’m using a tp link adapter for to do it
this is the model tl- wn422g 54 mbps high gain
i have wifi internet
i can surf the internet (inside backtrack)
but the problem starts when i type in the kernel console
airmon-ng
nothing appears in interface channel etc
then i try iw config and also nothing detects and it’s frustrating because i’m connected to the internet
please help me to solve my problem
thanksx

Sometimes I stumble upon a blog post that perfectly answers a question that brought me to perform a search in the first place – your post is a good example of such a happy encounter. Thanks! 🙂Wireless Internet Alberta

Nobody say: in windows hack realy is not possible.I tried many times and finaly concluded-only linux.If you have installed linux in computer
no need any additionaly program.Only start cmd.exe and follow instruction.Very simple and fast.In couple minuts you can take password.In windows is so complicate and reqire more than 4hours for collecting enough number of packet.I spent plenty money for appropriate wi- fi adaptors for lap top.

Sorry,rectification.To hack WEP in linux should install aircrack ng .
Cmd-exe is in windows,in linux it is named terminal.Usualy no need
more than 10min.to find out password.No need back-track or another
similar program.Not any problem about compatibility of adaptor.Only
necessary start wireless card in lap top(blue light)Otherwise,program does not see your external adaptor.It is litle strangely but…

Plz can someone tel me how to browse the internet cuz am stoked hia in my home netwok. No internet acess bt the modern always get conected. Am usin MTN,Glo Airtel netwok in Nigeria. Any software or wateva. Plz hellllpppppppppppppp/ Tank you

Hey,thanks for sharing how to hack a wifi.
But how is the procedure going?I have to download :”kismet” ,then does this software needs to be programmed/assembled?I ve downloaded kismet and tried to work with it but i found that it is very complicated as i couldn`t find any instructions how to use it.

i am really amazed when i saw that WiFi is also hacked and now i am grade 11 student i have great interested to use internet in my every day life but the situation in my country Ethiopia is very difficult but you know i am using internet because there is university near our home which have WiFi connections but the security is very high to enter university illegally this year so please if you can send the software to hack WiFi my computer is windows xp formatted remember there is WiFi connection next to our home. i hope you will share you idea thanks a lot and lot